← Back

CVE-2026-42055

nvd nist
Published: Jun 17, 2026Modified: Jul 2, 2026

JSON object

Loading...
9.2
Vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: f5sirt@f5.com (Secondary)

Description

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the large_client_header_buffers directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected (44)

9 products
Dos
Nginx App Protect Dos
Nginx App Protect Waf
Nginx Gateway Fabric
Nginx Ingress Controller
Nginx Instance Manager
Nginx Open Source
Nginx Plus
Waf
Configuration A
44 vulnerable
Vulnerable SoftwareAffected Versions
Version 4.9.0
From 4.3.0 to 4.7.0
F5
From 4.10.0 to 4.16.0
From 5.2.0 to 5.8.0
F5
From 1.3.0 to 1.6.2
From 2.0.0 to 2.6.4
F5
From 3.5.0 to 3.7.2
From 5.0.0 to 5.5.1
Version 4.0.0
Version 4.0.1
From 2.17.0 to 2.22.0
F5
From 1.30.0 to 1.30.3
Version 1.31.1
F5
From 37.0.0 to 37.0.1
Version r30
Version r30 p1
Version r30 p2
Version r31
Version r31 p1
Version r31 p2
Version r31 p3
Version r32
Version r32 p1
Version r32 p2
Version r32 p3
Version r32 p4
Version r33
Version r33 p1
Version r33 p2
Version r33 p3
Version r34
Version r34 p1
Version r34 p2
Version r35
Version r35 p1
Version r36
Version r36 p1
Version r36 p2
Version r36 p3
Version r36 p4
Version r36 p5
Version r3
F5
From 5.9.0 to 5.13.1
Version 4.8.1

References (5)

Source: f5sirt@f5.com
Vendor Advisory
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Third Party Advisory
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Third Party Advisory
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Third Party Advisory
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Third Party Advisory

Timeline

No history available yet.